Data storage devices typically provide a storage medium for storing user and other data. When it is desirable to protect such data from unauthorized access, software applications (typically within an attached computer system) perform the encryption and pass the encrypted data to the data storage device for storage. Recently, hardened security storage devices have been introduced, which perform at least a portion of the encryption/decryption operations within the storage device. Often such systems employ an encryption/decryption key that is stored in a non-volatile memory within the storage device, such as an electrically erasable programmable read only memory (EEPROM).
Unfortunately, data storage devices that employ an encryption key that is stored in such a non-volatile memory (or that is stored on a remote server, for example) can be susceptible to physical attack. For example, the encryption/decryption key may be discovered by intercepting and analyzing messages between the attached computer system and the data storage device. Alternatively, the key can be discovered by physically opening the storage device and probing the storage device itself. Some conventional applications have attempted to address the latter security hole by storing the encryption key in a memory that is erased when the storage device housing is opened. However, if it is known that such security measures are in place, it is possible to bypass the security feature and thereby thwart the protective measure.
Therefore, there is an ongoing need for secure data storage where the key is not susceptible to physical attack. Embodiments of the present invention provide solutions to these and other problems, and offer other advantages over the prior art.